Network and computer security are of paramount concern in the industry today. It seems as if a week does not go by without some news about a network system being compromised. Moreover, the problem is not limited to private industry: governmental agencies experience security breaches with as much frequency as the private sector.
Multi-factor authentication entails using two or more factors during authentication to enhance security. For example, a user may authenticate to a network-based service through a user-identification and password combination as a first factor of authentication. In a second factor of authentication, the user may be asked to enter a response to a challenge question. Typically, the user is authenticated for the first and second factors before a session with the network-based service is established. That is, the multiple factors are processed during session creation.
However, there are situations where the factors following session creation (using a first factor) occur at some point in time after a valid authenticated session between the user and a system is established; that is, additional authentication factors are instituted during the authenticated session established by a first-factor authentication. For example, a user logs into the system using an identification and password combination to establish an authenticated session with the system (first factor); next, and during the authenticated session, the user attempts to access a service of the system that necessitates additional authentication by the user (using a second factor of authentication). Typically, in a browser-based interface, the second factor of authentication is handled by using the authenticated session within the browser to prompt the user to supply the second factor for access to the service that requires it.
However, there are a number of situations where the browser that the user is using in the authenticated browser-based session cannot support performing a second authentication during the session. There are also situations where the content that the user must supply for the second factor during the authenticated browser-based session cannot be provided on the device that the user is operating during the authenticated session (such as a fingerprint, as the content for the second factor, when there is no fingerprint device or mechanism on the device that the user is operating during the authenticated session). It may also be that the user is remoting into a device different from the one from which the authenticated session was originally established, and that different device has no ability to provide the interface screens for providing the content of the second factor or has no device for obtaining the content.
As still another example, consider a Representational State Transfer (REST) interface within a browser-based interface, in which a single Graphical User Interface (GUI) provides a single user interface within a browser for accessing a variety of external services, using a third-party authentication provider for authentication to these resources. The authentication provider may receive a second factor request from an external service and have no mechanism to identify the authenticated session from which the authentication provider has to request the second factor, and no mechanism for linking into that original authenticated session. When this occurs, an error is returned to the requester of the second factor and the user has no ability to authenticate to the desired service during the user's authenticated session.
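The two situations described above, second-factor authentication inside an already authenticated session and a second factor request that cannot be linked to that session, can be modeled in a few lines. This is an added example, not code from the original text; the AuthProvider class, the service names "mail" and "payroll", and the per-service factor policy are hypothetical.

```python
import hashlib, hmac, secrets

def _digest(secret: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the store never holds the raw password or answer.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class AuthProvider:
    """Toy third-party authentication provider (hypothetical, for illustration)."""

    def __init__(self):
        self.users = {}     # user -> (salt, password digest, challenge-answer digest)
        self.sessions = {}  # session token -> {"user": ..., "factors": set of factors}
        # Constructed policy: factors each external service requires.
        self.policy = {"mail": {"password"}, "payroll": {"password", "challenge"}}

    def enroll(self, user, password, answer):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, _digest(password, salt), _digest(answer, salt))

    def login(self, user, password):
        """First factor: creates the authenticated session."""
        salt, pw, _ = self.users[user]
        if not hmac.compare_digest(pw, _digest(password, salt)):
            raise PermissionError("first factor failed")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": user, "factors": {"password"}}
        return token

    def access(self, service, token):
        """'granted', or 'step_up_required' when the session lacks a required factor."""
        missing = self.policy[service] - self.sessions[token]["factors"]
        return "step_up_required" if missing else "granted"

    def second_factor(self, service, answer, token=None):
        """Second factor request relayed by an external service."""
        session = self.sessions.get(token)
        if session is None:
            # The failure described above: nothing links the request to a session.
            raise LookupError("no authenticated session to prompt for the second factor")
        salt, _, ans = self.users[session["user"]]
        if not hmac.compare_digest(ans, _digest(answer, salt)):
            raise PermissionError("second factor failed")
        session["factors"].add("challenge")  # session now satisfies the stricter policy
        return self.access(service, token)
```

A request that carries the session token upgrades the existing session; the same request without it fails with an error and leaves the session at its first-factor level.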
In short, services that users access are now spread across clouds with no regard to any geographical, software, and/or device component limitations, such that, when multi-factor authentication is required, existing user environments are incapable of seamlessly obtaining content relevant to the multi-factor authentication.